Contractor: Security Developer
The Open Home Foundation is looking for a Security Developer to join our Ecosystem department on a contract basis.
This department is responsible for the development of various projects under the Open Home Foundation umbrella, including ESPHome. We deeply care about the security and privacy of users working with our products or building devices with ESPHome. We want to ensure our base framework follows good security patterns so users and companies building on ESPHome firmware can create devices that are as secure as possible.
To achieve this, we will be working with an external agency to perform a full security audit on ESPHome and its related tools. The ESPHome team is currently short on dedicated security expertise, so we are looking for an expert contractor to bridge this gap.
This role will be involved in hardening the code used in ESPHome, the project that allows turning common microcontrollers into smart home devices. ESPHome consists of a large core codebase written in C++ and a code generation component written in Python. Therefore, we require a candidate to be skilled in both programming languages, with a heavy emphasis on security hardening in an embedded context.
What you are going to do
Review the existing codebase to identify and fix low-hanging fruit regarding security vulnerabilities before the external audit begins.
Act as the primary technical point of contact to guide the external agency when they are performing the security audit on ESPHome and its tools.
Triage the findings from the external agency and fix (at least) the high-priority security issues found during the audit.
Work hand-in-hand with other team members within the ESPHome team to ensure security best practices are followed as the application evolves.
Review code from other team members and community contributors with a specific focus on security implications.
Fix bugs related to security technical debt.
What you need to have
Senior experience in the security hardening of software.
Strong expertise in C++ development (used in the ESPHome core).
Strong expertise in Python development (used in ESPHome tooling).
Experience with and interest in microcontrollers and embedded systems.
Experience guiding or participating in professional third-party software security audits.
Experience with Git and GitHub.
Professional Fluency in English: Excellent written and verbal communication skills in English.
It would be great if you also have
A passion for smart homes and automation.
Experience as an ESPHome or Home Assistant user.
Knowledge of IoT-specific security challenges (e.g., local network security, encryption on resource-constrained devices).
What we offer you
This is a temporary contractor position. The duration will cover the pre-audit preparation, the active audit phase, and the subsequent remediation phase.
The Open Home Foundation is a fully remote organization; you can work from anywhere in the world.
Because we are a fully remote company, there is no fixed schedule. However, for team communication, we try to ensure at least 3 hours of overlap in the workday. Most of our team is based in Europe
Your point of contact will be our Ecosystem Lead, who is based in the Netherlands.
Compensation will be based on an agreed-upon hourly or project rate commensurate with senior security expertise.
About us
The Open Home Foundation is a non-profit organization based in Switzerland, with the objective of fighting for the fundamental principles of privacy, choice, and sustainability for smart homes. It does this by supporting the development of open-source projects and open connectivity and communication standards.
A big part of this is Home Assistant, but the Open Home Foundation also owns or collaborates with other projects important to promoting privacy, choice, and sustainability in the smart home, like ESPHome.
The recruitment process
Apply for the project.
Our team will review your application.
Initial interview.
Technical assessment or discussion regarding security approaches.
Interview with the team.
Contract Offer.
Average salary estimate
If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.
Lead full-stack development of cloud-native digital health products using React and Python while mentoring engineers and collaborating closely with clients.
Brown Brothers Harriman is hiring a Systems Programmer Analyst in Jersey City to build, test and maintain Java enterprise applications using Spring, PL/SQL, and modern CI/CD tooling.
Auctor seeks a Senior Backend Software Engineer in New York to architect and build scalable backend systems powering AI-first enterprise services.
Senior technical leader needed to architect and build WISEcode's core data and computation platform, ensuring correctness, scalability, and long-term evolvability for AI-driven products.
Work on Agentforce at Salesforce to build scalable generative AI services, integrate LLMs with citations and guardrails, and deploy ML-driven systems used by millions.
Build and maintain full-stack web applications and Python tools at Intuitive to support surgical robot manufacturing, testing, and data-driven reporting.
Staff Software Engineer — Front End at Visa to design and deliver scalable web experiences and services that power global payment platforms.
Help build high-performance, user-facing Web3 dApps on a parallelized EVM stack as a Fullstack Engineer at a venture-backed blockchain infrastructure team.
Join a passionate engineering team in Alpharetta to build scalable Java/SaaS integrations and web applications that power omni-channel fulfillment for enterprise customers.
Illumio is hiring a Staff Software Engineer to architect and implement Kubernetes-focused security and segmentation features for its Zero Trust platform in Sunnyvale, CA.
Senior Full-Stack Software Engineer (front-end focused) needed to lead Angular SPA development and collaborate on Java-based back-end architecture for scalable enterprise applications.
Lead architecture and end-to-end delivery of Orum's real-time calling platform as a Staff Full-Stack Engineer, building scalable Node/TypeScript backends and React frontends to power live voice workflows.
Lead the design and implementation of NGFW core system infrastructure and platform security at Palo Alto Networks, working on Linux-based systems, embedded kernel/OS features and secure platform services.
🔮
Hi, I'm Risa! Your AI Career Copilot
you, just ask me below!
